Royal Posted April 5, 2023 Share Posted April 5, 2023 Hello guys, so am developing a blog system and am having some issues...when i try to make a post, if i write little blog content it saves successfully to the DB, but when i use large text is throws an error, i have tried different data type on the column for details yet it doesnt seem to work. Please help. Below is the details of my code and the DB. -- -- Table structure for table `tblposts` -- CREATE TABLE `tblposts` ( `id` int(11) NOT NULL, `PostTitle` longtext NOT NULL, `CategoryId` int(11) NOT NULL, `SubCategoryId` int(11) NOT NULL, `PostDetails` longtext NOT NULL, `PostingDate` timestamp NOT NULL DEFAULT current_timestamp(), `UpdationDate` timestamp NOT NULL DEFAULT '0000-00-00 00:00:00', `Is_Active` varchar(11) NOT NULL, `PostUrl` varchar(500) NOT NULL, `PostImage` varchar(255) NOT NULL, `tags` varchar(255) NOT NULL ) ENGINE=InnoDB DEFAULT CHARSET=utf8mb4 COLLATE=utf8mb4_unicode_ci; -- -- Indexes for dumped tables -- -- -- Indexes for table `tblposts` -- ALTER TABLE `tblposts` ADD PRIMARY KEY (`id`); -- -- AUTO_INCREMENT for dumped tables -- -- -- AUTO_INCREMENT for table `tblposts` -- ALTER TABLE `tblposts` MODIFY `id` int(11) NOT NULL AUTO_INCREMENT, AUTO_INCREMENT=2; My php script: <?php session_start(); include('includes/config.php'); error_reporting(0); if(strlen($_SESSION['login'])==0) { header('location:index.php'); } else{ // For adding post if(isset($_POST['submit'])) { $posttitle=$_POST['posttitle']; $catid=$_POST['category']; $subcatid=$_POST['subcategory']; $postdetails=$_POST['postdescription']; $url= $_POST['posttitle']; $imgfile=$_FILES["postimage"]["name"]; // get the image extension $extension = substr($imgfile,strlen($imgfile)-4,strlen($imgfile)); // allowed extensions $allowed_extensions = array(".jpg","jpeg",".png",".gif"); // Validation for allowed extensions .in_array() function searches an array for a specific value. if(!in_array($extension,$allowed_extensions)) { echo "<script>alert('Invalid format. Only jpg / jpeg/ png /gif format allowed');</script>"; } else { //rename the image file $imgnewfile=md5($imgfile).$extension; // Code for move image into directory move_uploaded_file($_FILES["postimage"]["tmp_name"],"postimages/".$imgnewfile); $status=1; $query="INSERT INTO tblposts(PostTitle,CategoryId,SubCategoryId,PostDetails,PostUrl,Is_Active,PostImage) VALUES('$posttitle','$catid','$subcatid','$postdetails','$url','$status','$imgnewfile')"; if(mysqli_query($con,$query)) { $msg="Post successfully added "; } else{ $error="Something went wrong . Please try again."; } } } ?> my db screenshot Quote Link to comment https://forums.phpfreaks.com/topic/316088-blog-post-issues/ Share on other sites More sharing options...
kicken Posted April 5, 2023 Share Posted April 5, 2023 You're probably having issues with SQL Injection due to putting your raw values directly into your query. You should be using prepared queries and binding the values as parameters, not inserting them into the query text directly. I would also suggest you look into using PDO instead of mysqli. It's a cleaner and easier to use API, particularly with prepared queries. Quote Link to comment https://forums.phpfreaks.com/topic/316088-blog-post-issues/#findComment-1607061 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.